Skip to content

Commit

Permalink
vfio/pci: Fix buffer overrun when writing the VF token
Browse files Browse the repository at this point in the history 
qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Use the
recently added UUID_STR_LEN which defines the correct size.

Fixes: CID 1522913
Fixes: 2dca1b3 ("vfio/pci: add support for VF token")
Cc: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit f8d6f3b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
  • Loading branch information
@legoater
legoater authored and Michael Tokarev committed Nov 9, 2023
1 parent 6ede082 commit 47c408b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion hw/vfio/pci.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2987,7 +2987,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
int groupid;
int i, ret;
bool is_mdev;
char uuid[UUID_FMT_LEN];
char uuid[UUID_STR_LEN];
char *name;

if (!vbasedev->sysfsdev) {
Expand Down

0 comments on commit 47c408b

Please sign in to comment.